OGRNIP (Main State Registration Number of Individual Entrepreneur): 1151651002601
This Policy governs the manner in which the Maxim Service (hereinafter referred to as the “Service”) collects and processes personal and other confidential data of individuals using automation tools via the Internet.
1 Terms and Definitions
1.1. The following terms and definitions are used throughout this document:
1) "Mobile application" shall mean the computer program “maxim - order a taxi” installed on the Client’s device running the mobile operating systems iOS, Android, Windows Phone, integrated into the hardware and software system of the Service and allowing to automate the process of creating orders for the provision of services.
2) "Website" shall mean a set of programs for computers and other information contained in the information system, access to which is provided via the Internet by domain names, and (or) network addresses that allow to identify the Internet websites, and used by the Service to provide services to Clients. The website addresses: https://taximaxim.ru, https://taximaxim.com, https://corp.taximaxim.com, https://corp.taximaxim.com, https://client.taximaxim.ru, https://client-br.taximaxim.com.
3) "Personal data" shall mean any information relating directly or indirectly to a specific or definable individual (subject of personal data).
4) "Personal data processing" shall mean any action (operation) or a set of actions (operations) performed with or without the use of the automation tools, involving personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, granting access), depersonalization, blocking, deletion, destruction of personal data.
5) "Provision of personal data" shall mean the actions aimed at disclosing personal data to a specific person or a specific group of persons.
6) "Blocking of personal data" shall mean the temporary suspension of the processing of personal data (except in cases where the processing is necessary for correcting personal data).
7) Destruction of personal data" shall mean the actions resulting in the impossibility of the restoration of the content of personal data in the personal data information system and (or) the destruction of personal data physical media.
8) "Personal data information system" shall mean a set of personal data contained in the databases and information technologies and technical means ensuring its processing.
9) "Automated processing of personal data" shall mean the processing of personal data by means of computer technology.
10) "Service" shall mean a party that independently organizes and (or) performs the processing of personal data, as well as defines the purposes of the processing of personal data, the content of personal data to be processed, actions (operations) performed with personal data.
11) "Client" shall mean an individual who orders services through the website, mobile application, or a call to the subscriber telephone number of the Service and provides his/her personal data for this purpose.
12) "Partner" shall mean a person that independently, on his/her own, provides the Client with services for transportation of passengers, delivery of goods (freight), carrying out loading and unloading operations. However, the Service is not a transport company and does not independently provide any transport services to the Client.
13) “Services” shall mean the services provided to the Client by the Partner and ordered via the Service.
14) "Cookies" shall mean pieces of data sent by the website and stored on a computer, mobile phone, or another device from which the Client accesses the website, and used to store data about the Client’s actions on the website.
15) "Device identifier" shall mean unique data allowing to identify the Client’s device on which the mobile application is installed, and provided by the device itself or calculated by the mobile application.
2 General Provisions
2.1 This document defines the policy of the Service regarding the processing of personal data of Clients, the categories of personal data processed, the rights and obligations of the Client and the Service during the processing of personal data.
2.2 The Client’s request to the Service for ordering Services means consent to the terms and conditions of this policy, including the Client’s consent to the processing of the Client’s personal data by the Service. In accordance with Art. 9 of Federal Law dated 27.07.2006 No. 152-FZ “On Personal Data”, the Client gives the Service a specific, substantive, informed, conscious and unambiguous consent to processing of the Client’s personal data. The categories of personal data processed and the purposes of personal data processing are specified in the relevant sections of this Policy. The Client gives the Service consent to automated and non-automated processing of the Client’s personal data by the Service, namely: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.
This consent is valid until it is withdrawn by the Client or until the Service ceases its activities.
2.3 The purpose of collecting and processing of personal data is conclusion and performance of the contract, the subject of which is defined in the Public Offer posted on the website of the Service. When collecting and processing personal data, the Service does not pursue any purposes other than performance of the specified contract.
3 Types of Personal Data Collected and Processed
3.1 The Service collects various types of the Client data, which can be divided into the following categories:
1) the Client’s identification data;
2) geolocation data;
3) payment data;
5) the Client’s device data;
6) mobile network operator data;
7) order history.
4 Client’s Identification Data
4.1 This category includes the data directly related to the identity of the Client:
1) last name, first name, patronymic;
2) date of birth;
4) subscriber phone number;
5) e-mail address
4.2 The following personal data are provided to the Service at the discretion of the Client and may be changed and/or deleted by the Client at any time. The accuracy of this data is not verified by the Service, and its non-provision does not affect provision of the Services:
1) last name, first name, patronymic;
2) date of birth;
4) e-mail address.
4.3. The Client’s personal data shall be destroyed by the Service in case of withdrawal by the Customer of his/her consent to the processing of his/her personal data.
4.4. Destruction of the Client’s personal data shall be carried out without the possibility of its subsequent restoration.
5. Geolocation Data
5.1. The Service receives the data on the location of the Client (geolocation data) through the mobile application. Geolocation data is transmitted to the Service only during the use of the mobile application. The Client, at his/her discretion, can prohibit the transmission of geolocation data by changing the corresponding settings of his/her mobile device.
6. Payment Information
6.1. In order to be able to pay for transport services provided by Partners by cashless payment using bank cards, the Client can bind a bank card to his/her subscriber phone number. The Client shall bind the bank card independently in the mobile application by providing the following data:
1) bank card number;
2) bank card expiration date;
3) bank card holder full name;
4) bank card security code.
6.2. Cashless payment using bank cards shall be carried out in accordance with the international payment systems rules on principles of confidentiality and security of payment. The security of the data provided by the Client shall be ensured by the compliance of the procedures with the requirements of the Payment Card Industry Data Security Standard, and no one, including the Service, can obtain it. Bank card data shall be entered on the secure payment page of the acquiring bank providing the option of cashless payment for services.
7.1. The Website uses the Yandex.Metrica web analytics service provided by YANDEX LLC (hereinafter referred to as Yandex).
The Yandex.Metrica service uses the cookie technology, which consists of small text files placed on users’ computers for the purpose of analyzing their user activity.
The information collected by cookies does not identify a user of the Website. The information on the use of the Website collected via cookies will be transmitted to Yandex and stored on the Yandex server in the EU and the Russian Federation. Yandex will process this information to evaluate the use of the Website, compile reports on the Website activity and provide other services. The use of the Website means consent to the processing of personal data by Yandex in the manner and for the purposes specified in this paragraph.
7.2. The Service can use the following types of cookies:
1) Strictly necessary cookies. They are necessary to navigate the website and use the requested services. Cookies of this type are used when the Client registers and logs in. The services requested by the Client become unavailable without them. These cookies are essential and can be either persistent or temporary. Without the use of this type of cookies, the website does not function properly.
2) Performance cookies. They collect website usage statistics. These files do not access the Client’s personal information. All information collected by these cookies is statistical and anonymous. The purposes of using these cookies are:
- Obtaining the website usage statistics;
- Evaluating the effectiveness of advertising campaigns.
These cookies can be persistent or temporary and can relate to both essential and third-party cookies.
7.3. Functional cookies. They are used to memorize information provided by the Client (such as username, language, or location). These files use anonymized information and do not track the Client’s actions on other websites. The purposes of using these cookies are:
1) Memorizing information about whether any services were previously provided to the Client;
2) Improving the quality of online experience in general by memorizing the preferences selected by the Client.
These cookies can be persistent or temporary and can relate to both essential and third-party cookies.
7.4. Advertising cookies. They are used to manage advertising materials on the website, limit the number of times an ad is viewed by a user, as well as to evaluate the effectiveness of advertising campaigns. Advertising cookies are placed by third parties, for example, advertisers and their agents. These files are associated with advertising on the website provided by third-party companies. They can be either persistent or temporary.
7.5. The Client can use the settings of the browser used by him/her in order to block or delete cookies, as well as to limit their functioning.
8 Client’s Device Data
8.1 The Service receives the data about the Client's device, the applications installed on it and the Internet connection via the Mobile Application. This category includes information about the device model, operating system, browser data, IP address, device identifiers.
8.2 The collected device data does not contain the Client's personal data.
8.3 The purpose of collecting information about the device is internal recording of users of the Mobile Application, as well as improvement of its operation.
9. Data on a Mobile Operator
9.1. The Service, through the mobile application, receives data on the operator that provides the Client with mobile phone (cellular) services.
9.2. The data collected on the mobile operator does not contain personal data of the Client.
9.3. The purpose of collecting data on the mobile operator is to automatically determine in the mobile application settings the data on the Client’s country of residence and the language of the application interface.
10. Order History
10.1. The Service retains the information about the Client’s ride history, namely, the time of creation of the Order, the address of the pick-up point, the intermediate and drop-off points of the route, the rate applied, the payment method and other data specified when creating the Order.
10.2. The purpose of collecting information on the history of Orders is the improvement of the quality of provided services by automatic filling in the Order information using the previously obtained data, which reduces the Order creation time.
11. Measures of Protection of Personal Data of the Client
11.1. In order to protect the personal data of the User, the Copyright Holder shall take legal, organizational and technical measures to ensure the confidentiality regime of personal data, their safety, protection against unlawful receipt, distortion or destruction.
11.2. During the processing of personal data, the Client shall be entitled:
1) to receive information in regards to the processing of his/her personal data, also containing: confirmation of the processing of personal data; legal basis and purposes of the processing of personal data; purposes and methods of the processing of personal data; information about the name and location of the person processing personal data, information about the persons (except for the employees of the Service) that have access to personal data or to which personal data may be disclosed based on a contract with the Service or based on the current legislation; personal data being processed relating to the respective subject of personal data, the source of personal data received unless otherwise provided for by the current legislation; time limits of the processing of personal data, including the time limits of its storage; procedure for the exercise by the Client of the rights provided for by the current legislation; information on the completed or intended cross-border data transfer; title or last name, first name, middle name, and address of the person processing personal data on behalf of the Service, in case the processing is or is to be assigned to such a person; other information as provided for by the current legislation;
2) to require the Service to correct his/her personal data, to block or destroy it in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of the processing, as well as to take legal measures to protect his/her rights.
3) to appeal the actions or omissions of the Service to an authorized body for the protection of the rights of subjects of personal data, or in court, in case the Client believes that the Service processes personal data in violation of the requirements of the current legislation or otherwise violates his/her rights and freedoms.
4) to protect their rights and legitimate interests, including to claim damages and (or) compensation for moral damage in court.
11.3. During the processing of personal data, the Service shall:
1) provide the Client with the following information at his/her request:
- confirmation of the processing of personal data;
- legal basis and purposes of the processing of personal data;
- purposes and methods of the processing of personal data;
- its title and location, information about the persons (except for employees) that have access to personal data or to which personal data may be disclosed based on a contract or based on a federal law;
- the Client’s personal data being processed and its origin, unless otherwise provided for by the current legislation;
- time limits of the processing of personal data, including the time limits of its storage;
- procedure for the exercise by the Client of the rights provided for by the current legislation;
- information on the completed or intended cross-border data transfer;
- title or last name, first name, middle name, and address of the person processing personal data on behalf of the Service, in case the processing is or is to be assigned to such a person;
- other information as provided for by the current legislation;
2) ensure the adoption of measures for the prevention of unauthorized access to the Client’s personal data;
3) publish or otherwise provide unrestricted access to the document defining the policy on the processing of personal data, as well as to the information about the requirements being implemented for the protection of personal data.
11.4. The Client’s personal data shall be stored on electronic media and processed using automated personal data processing systems.
11.5 Only employees of the Service may have access to the Clients’ personal data. In other cases, the Service shall not disclose the Client’s personal data, nor shall it provide access to third parties without the Client’s prior consent, except for cases when personal data is provided at the request of authorized state bodies in accordance with the current legislation.
11.6. The Service shall implement the following measures for the prevention of unauthorized access to the Client’s personal data. The Service shall:
1) appoint the employees responsible for the organization of the processing of personal data;
2) implement organizational and technical measures to ensure the security of the Client’s personal data.
11.7 The Client is entitled to request the Service to correct (update) their personal data, block or delete it in case the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and to withdraw their consent to the processing of personal data by sending to the Service the relevant request and (or) the demand in writing. The relevant request can also be sent in electronic form by means of the Mobile Application or in written form to the location address of the Service.
11.8 For issues concerning the processing of personal data, the Client can contact the Service at its location or via the feedback form on the Website.